Need help about TS-Web Access, TS Gateway and Session broker architecture!
-
Wednesday, June 13, 2012 7:27 PM
Hello,
I am interested in the Microsoft TS solution and I need your help, please, to understand the good design to install TS-Web Access, TS Gateway and Session broker. I have to install 4 terminal servers and publish remote apps via TS Web Access and TS Gateway, and I have some questions:
1) I have to install the TS Gateway in the DMZ segment, right? If yes, why should the TS Gateway be joined to the domain? To authenticate users, but it will be a risk to put a machine joined to the domain into the DMZ segment!!
2) Where should I install the TS Web Access? LAN or DMZ? And with which server does it communicate? Broker session? Terminal servers? And via which ports? Should it be installed standalone or with other roles like TS Gateway?
3) Should the broker session be installed standalone or with other roles? It must be on the LAN segment, right?
4) How many users can TS Gateway, TS Web Access, broker session and TS servers support? I use OS 2008 R2.
Thank you for your help
All Replies
-
Thursday, June 14, 2012 6:41 AM
Another question: Is a reverse proxy supported? If yes, I want to put the Gateway on the LAN and a reverse proxy in the DMZ. Is it supported?
Thank you
-
Thursday, June 14, 2012 10:33 AM
Not so clear?!
-
Thursday, June 14, 2012 9:52 PM
up!!
-
Monday, June 18, 2012 7:23 AM Moderator
Hi,
For security reasons it is preferred to have a firewall (one example: TMG 2010) that is capable of SSL Bridging. In this way incoming HTTPS connections to your RD Gateway and RD Web Access server(s) are terminated at the firewall and new HTTPS connections are established to RDG/RDWeb on your LAN. This gives the firewall the opportunity to examine the incoming traffic for malicious packets before they reach your RDG/RDWeb.
RDWeb needs to communicate via RPC with your Remote Desktop Session Host (old name Terminal Server) servers or your RD Connection Broker server, depending on which you would like to use as the source for the RemoteApp icons that will display on the RDWeb page.
It is preferred to have RD Connection Broker installed separate from your RDSH servers so that a RDSH server that is a member of your farm can be shut down for maintenance while still allowing users to connect to the other RDSH servers. Depending on your security concerns, budget, preferred design, load, etc. you may combine some RDS roles onto the same server. For example, you may want to combine RDWeb and RD Gateway onto the same server.
Server 2008 R2 Standard allows up to 250 simultaneous connections for RDG and RDSH on a single server whereas Enterprise and Datacenter editions have no limit. Of course you will need enough CPU/RAM/IO/bandwidth available to handle the load.
The servers that will need the most resources will be your RDSH servers. It is critical that you test the expected applications and user work/load patterns on a RDSH server to get an idea how many RDSH servers you will need to have in your farm to support the load. I recommend you have enough RDSH servers in your farm to comfortably support peak user load with at least one RDSH server down. That way if one server fails or you need to take a server down for maintenance all users will still be able to work.
-TP
- Marked As Answer by Clarence Zhang (Moderator), Monday, June 25, 2012 10:03 AM

